Account Linking and SSO

Hello Community!

I am trying to understand how Account Linking and SSO work together. I have the next setup on my tenant:

  • I have 2 applications(A and B)
  • I have 2 Auth0 DB connections(C1 and C2)
    • On connection C1, I have a user created with the email user@abc.com
    • On connection C2, I have a user created with the same user@abc.com email
  • Each application has an Auth0 DB connection enabled
    • Application A has enabled connection C1
    • Application B has enabled connection C2
  • I linked both user accounts from C1 and C2 for email user@abc.com using the ManagementAPI

Given the above setup, the scenario I am trying to understand is this:

  1. I log in with user user@abc.com on application A
  2. I enter the credentials of the user for connection C1
  3. User is logged in and I am redirected to my application A
  4. With the user logged in, I open a new tab and try to go to my application B
  5. I am being redirected to auth0 to log in on application B

As I already linked the 2 user accounts into 1, I expected that once I logged in on application A with user@abc.com credentials, then I wouldn’t need to enter credentials when trying to log in to application B, I was expecting to have an SSO experience.

So, now I am wondering:

  • If I described the expected behavior, how can I have an SSO experience given the setup I mentioned?

Make Sure: Go to Applications-> Connections → Enable C1 and C2 for both Application A and B.
Also: Check your logs, you are probably getting a cross origin request error. If so, look into Cross-Origin Authentication
I hope this helps.

Hi @spoudel

Thanks for the response!

As you suggested, after enabling both connections on both applications I have the SSO experience, which is great, but now I am wondering if maybe there is another way to get the same SSO experience without needing to enable the connection on both applications, maybe do you know about some other way of achieving that?

I also checked the logs, and I am not having the cross-origin request error, I think that is because I am using the Universal Login.

Regards!